What is the CVSS score of CVE-2020-37124?

CVE-2020-37124 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Is there a public PoC exploit available for CVE-2020-37124?

Yes, a public proof-of-concept exploit is available for CVE-2020-37124. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-37124?

Within 24 hours: Inventory all systems running B64dec 1.1.2 and isolate them from production networks if possible; disable the application if not business-critical. Within 7 days: Implement network segmentation and WAF rules to restrict access to B64dec instances; evaluate alternative base64 decoding solutions for replacement. Within 30 days: Complete migration to patched or alternative software; if replacement is not feasible, establish continuous monitoring and restrict application access to trusted internal users only.

CVE-2020-37124

CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-02-05 disclosure@vulncheck.com

Buffer Overflow

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 05, 2026 - 20:47 vuln.today

Public exploit code

CVE Published

Feb 05, 2026 - 17:16 nvd

CRITICAL 9.8

DescriptionCVE.org

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during base64 decoding process.

AnalysisAI

Buffer overflow in B64dec 1.1.2 base64 decoder allows attackers to execute arbitrary code by overwriting structured exception handler pointers. PoC available.

Technical ContextAI

CWE-121 stack overflow. Oversized input to the base64 decoder overwrites SEH pointers on the stack, enabling control flow hijacking.

Affected ProductsAI

B64dec 1.1.2

RemediationAI

Update to a patched version. Implement input length validation before decoding.

CVE-2020-37124 vulnerability details – vuln.today

Back

CVE-2020-37124

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code